Chrome isn't impervious to security issues either. There just was recently a working proof-of-concept that bypassed all of Chrome's built-in security features and ASLR and DEP. As such it's still possible to infect a Chromebook, atleast until it is rebooted if the malware payload is only resident in memory. As such getting the credentials is still quite easy. Google should go for two-factor authentication, not just username/password.

In my opinion, even if the browser security is compromised, chromebook are running a restricted number of processes, that should be (hopefully ) easier to control. Note that it doesn't prevent from rewriting executing code (covered by NX flag and address space randomization).

Of course we are not in a ideal world, and security probably have been overlooked.

However, I fell more concerned about Using an OS that is not self contained for development .

If you're talking about the exploit by that French "security company" who refuses to show any proof of their claim nor have any plans to tell Google what it is instead selling their exploit to the highest bidder, well that is a bunch of horsecrap.
That's not saying Chrome won't have issues but this is probably not it.